Seattle Information Technology

By David Keyes, Digital Equity Program Manager, City of Seattle and Amina Fazlullah, Mozilla Fellow 2018

A dozen chattering four-year-old’s pile into the tech learning lab, scamper for their chairs, and jump into their ABCMouse online learning activities. These future technology leaders don’t need to see the link to city or national policies and programs, but they’re at the front end of digital inclusion policy. They don’t need to see policies or lists of funders that made their learning possible, but it’s just as critical as their internet link.

Because a day in the life is a digital day for most of us, the recognition of persistent gaps has led to growing digital inclusion initiatives in many communities. However, the investments and scope of policy and programs by the public and private sector vary considerably and often aren’t well sustained. More apps or faster broadband have not inherently led to greater digital equity. This is an issue we’ve grappled with at the City of Seattle for over 20 years. Seattle has made a long-term commitment to ensure residents get information online from city government, provide public input, and contribute to their neighborhoods and communities. In the hopes of increasing digital equity, here are some observations and suggestions for framing, enacting, and collectively furthering digital inclusion policy.

Terminology helps frame policy. The term “digital divide” began to describe the state of disadvantages between the “technology “haves” and “have-nots.” “Digital inclusion” came into use as a welcoming term to connote the action taken to close the divide. “Community technology” has also been used to refer to these localized efforts. More recently “digital equity” has been adopted from other equity and justice work to better represent the need to make targeted investments and structural changes to address historical patterns of discrimination and disadvantage. Recognition that it isn’t enough to bring the proverbial internet “pipe” to the town or the door has led to more sophisticated policy framing and to initiatives that encompass both broadband access and “adoption.” This was well articulated in Connecting America: The National Broadband Plan released by the Federal Communications Commission (FCC) in 2010, which discussed broadband in terms of availability as well as adoption and utilization. At the National Digital Inclusion Alliance (NDIA), a nonprofit that supports affordable home internet access and technology education, we adopted standard definitions of digital inclusion and digital equity to enable a baseline, common understanding that can be used nationally and locally to guide policies and investments.

Another critical choice of terminology and policy is whether investments aim to reach the “unserved,” with no internet access, and/or “underserved,” those who have some access to internet or other technology but are at a disadvantage for their level of technology access and capacity to use it effectively. The term “vulnerable residents” has also been used be recognize those with digital disadvantages. Research is showing that many are “under-connected” with limited Internet service, challenges of affordability, devices that aren’t reliable, and low digital skill levels which impede their availability to learn, earn, engage, and meet basic needs. How carefully the terms are defined and scoped in digital inclusion policy, practice and funding has enormous implications on whether the divide is actually narrowed. Does it apply to that resident or organization or small business across town or across the valley who cannot get internet service, has limited choices for bandwidth and cost, has limited data, can’t afford the tablet or laptop, or assistive device? Or does it apply to someone who doesn’t know how to open the attachment or search for health information online? A scope of digital inclusion and community technology was adopted into law in Washington State in 2009 when, as part of its state broadband planning, it established a Community Technology Opportunity Program (Revised Code of Washington – RCW 43.330.412).

Anchor policy in comprehensive frameworks. A whole-systems approach acknowledges the complexity and interplay of factors that foster the digital divide. In addition to adopting the standard definitions, there is an opportunity for more companies and communities, anchor institutions, legislatures, and programs to adopt a proven comprehensive framework for their digital inclusion work and to use it to educate and plan. Seattle’s most recent Digital Equity Vision and Plan, launched in 2016, adopted strategic goals in these areas: 1) Connectivity, 2) Skills Training, 3) Devices and Technical Support. Applications and online services are additional digital equity goal areas for the City. The vision for Seattle’s plan makes a clear connection between digital inclusion and race and social justice work by emphasizing the need to reach “those who are historically underserved or underrepresented.” A good reference tool for digital inclusion plans is the federal Institute of Museum and Library Services’ Building Digital Communities, a Framework for Action, co-written with International City/County Management Association and University of Washington Technology and Social Change Group.

Government has a role as a convener & participant, but not a singular responsibility. As investors and shepherds of public interest, governments have the capacity to convene experts and stakeholders to identify needs and muster resources to solve digital inclusion problems. Other institutions, companies, or organizations often partner or lead the establishment of digital inclusion collaborations at the local, regional, state or national levels. Government agencies are important partners in these networks and can provide essential support to sustain them. Funders need to assist in enabling these collaborations or networks to operate and to enable the systems to exchange best practices, tools, and needs. These digital inclusion coalitions or networks provide a valuable channel of knowledge between government, education, non-profit human service providers, neighborhood groups, and the private sector.

Digital inclusion planning and policy should be intentional, and also nurtured. Seattle had the foresight in 1996 to create the first digital inclusion planner position in the country. Portland, D.C., Austin and other cities have followed suit. The planner can help the city focus their educational digital inclusion initiatives, planning and implementation. Find out who is the person or team responsible for digital inclusion planning in your city. Educate and encourage these champions.

On the technology side for local government, digital inclusion consideration should be linked and embedded where the public interacts with technology. In addition to broadband, a digital equity lens should be applied to smart cities initiatives and other public technology arenas of open data, smart cities, Internet of Things (IoT), public engagement and privacy and security where there are public interfaces, engagement, and data. Since nearly all public and human services, jobs and economic development now require digital skills and interactions, these services and the departments providing them also benefit from recognizing and embedding digital inclusion support. In 2017, the City of Seattle Digital Equity Progress Report identified nine city departments that contributed to digital skill building through their programs.

Build community capacity and work with trusted ambassadors. Those from and in the communities with digitally disadvantaged residents are the experts on their needs and bring the best strategies for delivering services. Seattle’s Technology Matching Fund (TMF) and Austin’s similar Community Technology Opportunity Program (CTOP) funding model enable partnerships with those culturally competent trusted ambassadors closest to the communities we’re trying to serve. In trying to scale, some investors and programs have not done due diligence in involving and funding the smaller organizations and representatives who could help ensure program success. There is a risk, but also an opportunity to collaborate and support these organizations in a way that develops their capacity to deliver services and helps cities, universities and other collaborators learn from and share expertise.

Read between the data lines. Telling the story of digital inclusion need and program impact for policymaking requires collection and reflection on both quantitative and qualitative data. It takes data to get dollars…and dollars to collect data and stories of how those four-year-olds benefitted from their time in the tech lab. Policies and investments should enable digital inclusion impact research to be conducted over time and designed with the full participation of the communities served. National data is very helpful, but not always inclusive or reflective of people of color, limited English speakers, those with disabilities, Native Americans, or others. In Seattle, we initiated technology access and adoption community surveying in 2000 that has helped guide our local strategies and continues to this day. No data collection tool is perfect, but choices about strategy chosen and limits need to be conscious and transparent. Also, the indicators change as technology and communities change.

There is important research and data work that needs to be supported, improved and better shared. A growing informal network of researchers and evaluators exchange measures and tools, but not broadly enough or effectively between sectors. An international hub for digital inclusion researchers, indicators, survey tools and data could make a significant difference in the field.

Embed and integrate digital inclusion into your mission and all layers of policy and programs. For cities and towns, or companies and organizations, this means considering digital inclusion plans adopted by leadership, embedding in comprehensive and strategic plans, community development plans, department work plans and budget goals. Digital inclusion advocates need to have internal allies and understand budget cycles well enough to propose digital inclusion investments at times of opportunity.

Public benefit guidelines, regulation and partnerships can and should be used to address multiple aspects of digital inclusion. As 5G and the next generation of telecom infrastructure is deployed, towns and cities have a critical opportunity to develop digital equity public benefit priorities that could guide partnerships, where deployments are made, job training and hiring, and reinvestment of telecom related revenues from fees, pole attachments, or public building use to help low income neighborhoods and residents. This may be through a combination of dollars and services. In Seattle’s cable franchises, we negotiated side agreements for funds for digital equity programs and broadband connections. San Jose has legislation for establishment of a digital inclusion fund. Ensuring the authority for local governments to negotiate public benefits and consumer protections that are responsive to local needs is being strongly challenged and is a significant policy issue for the country.

Finally, someone needs to do more to tackle consumer labeling, education and awareness for broadband and telecom services. The FCC made a small attempt to promote ISP use of a standard optional “nutritional menu” for broadband. Every day, We hear of someone trying to sort out the cost and options for getting broadband service and they’re often trying to sort out bundles of services. Some mobile providers are to be credited for starting to simplify plans. Residents who can least afford it, are most challenged to understand the plans, and don’t have techies and economists in their social network, are more likely to be upsold services and bundles they can’t afford, pay more of their income, and have greater problems getting help. This structural issue is unjust and perpetuates an economic and digital divide.

Policy is iterative and relies on you. The attention to digital inclusion policies and other policies which embrace digital inclusion is growing and will keep changing. It lies at the intersection between technology growth and developing thriving, inclusive communities. It’s exciting to see champions of digital inclusion across the world in all sectors. Often, getting policy going just requires a few threads, a few people in a room, and a visit with those four-year-olds or others eager for the digital opportunity many of us take for granted. Get out there, get moving. We have work to do.

David Keyes works at the intersection of information and communications technology adoption, broadband, race and social justice, research and community capacity building. He was the first community technology planner in the country in 1996 and led the development of Seattle’s digital inclusion programs and policies. He has been an active contributor and presenter for a wide range of boards and programs. In 2016, David became the inaugural Charles Benton Digital Equity Champion, awarded by the National Digital Inclusion Alliance and the Benton Foundation. He is graduate of Antioch College and the University of Washington Evans School.

Amina Fazlullah was a Mozilla Fellow (2017/18) where she worked to promote policies that support broadband connectivity in rural and vulnerable communities in the United States and abroad. She is currently Policy Counsel with Common Sense Media focusing on federal policies that impact the digital equity and privacy of kids and families. Amina was formerly the Benton Foundation’s Policy Director, where she worked to further government policies to address communication needs of vulnerable communities. Before that, Amina worked with the U.S. Public Interest Research Group, and for the Honorable Chief Judge James M. Rosenbaum of the U.S. District Court of Minnesota and at the Federal Communications Commission. She is graduate of the University of Minnesota Law School and Pennsylvania State University. She is also a board member of the National Digital Inclusion Alliance.

Councilmember Lisa Herbold (District 1, West Seattle, South Park), who has led efforts related to disabilities-related issues since first being elected in 2015, is pleased to announce the addition of real-time captioning by Seattle Channel to its live cable TV broadcasts of City Council meetings, including committee and special meetings. Closed-captioned Council meetings will also be archived for playback on the air and online at seattlechannel.org and Seattle Channel’s YouTube site.

“Until now, hard-of-hearing individuals were essentially shut out of the conversation altogether because they could not hear the discussion as it was taking place,” said Councilmember Herbold. “Accessibility is an important part of our democracy. All viewers, regardless of their abilities, should be able to see or hear the interactions and conversations that occur in any public City Council meeting,” Councilmember Herbold said. “With the addition of real-time captioning, these very same individuals will be able to follow along by reading the ‘transcript’ of the meeting as it occurs, thereby ensuring an equal opportunity to participate in our Democracy. I hope to, in the future, expand closed captioning to all of the Seattle Channel’s programming so hard-of hearing individuals can appreciate all of Seattle Channel’s fantastic civic programing.”

Seattle Channel selected VITAC, a national captioning company, through a competitive process. Closed captioning improves government transparency and accessibility by making content available to more people, particularly viewers who are deaf or hard of hearing. Captions can also improve comprehension for some, including second-language viewers.

“Seattle Channel is pleased to add captioning to Seattle City Council meetings,” said Shannon Gee, Seattle Channel general manager. “Captioning adds to our mission to provide transparent and increased access to government, and it supports the City’s digital equity goals. We thank Councilmember Herbold for her support and advocacy.”

The addition of closed captioning is part of the Seattle City Council’s objective to increase accessibility to Seattle government. The Seattle City Clerk provides accommodations to Council meetings, including translation and interpretation services, and the Council Chamber is equipped with assisted listening devices and an induction loop system.

“We want community members to be able to access all of the information that’s being shared and discussed at these important public meetings,” said Eric Scheir, who is deaf and serves on the City of Seattle’s Commission for People with disAbilities, which included captioning among the highest priorities in its work plan. “Closed captioning will provide a better experience for those who are deaf or hard of hearing. This is an exciting development as we continue to work to make it easy and possible for all community members to participate in local government.”

Seattle Channel, an award-winning municipal television station, is available to cable television subscribers in Seattle on channel 21 on Comcast (321 HD) and Wave (721 HD) and on CenturyLink channel 8003 (8503 HD). Programming is also available live on the web at www.seattlechannel.org), which includes a robust archive of thousands of programs available on demand.

A gathering of more than 40 community members resolute on co-designing a network dedicated to resource sharing and collaboration around digital equity took place on October 25, 2018. The event, hosted by Seattle Information Technology’s Community Technology team, brought together participants from a wide range of organizations and institutions dedicated to increasing digital equity across our region.

Participants included representatives from Seattle Public Schools, University of Washington Information School, Seattle Public Library, Seattle Goodwill, Casa Latina, Somali Family Safety Task Force, Literacy Source, Chinese Information and Service Center, and CenturyLink, among others.

Through facilitated discussions, the group drafted a common purpose statement for the work ahead: to develop relationships, strategies, and resources to ensure equitable access to digital technologies, opportunities, skills, and knowledge to enable communities to thrive.

A common theme throughout the morning’s conversations was the understanding that as we move into the future, digital equity is essential for all individuals – young people, adults, and seniors – to thrive in our changing world. Access to the internet and the ability to navigate digital technologies are essential when accessing education, seeking and applying for jobs, and maintaining basic connections to community.

Toward the end of the morning, the group identified their collective list of the most pressing issues related to digital equity. These include increasing the accessibility of affordable internet and devices, giving parents adequate internet access and skills necessary to support the learning opportunities of their children attending Seattle Public Schools, and directing attention to communities most vulnerable to barriers like income, language, education level, or involvement in the justice system.

Participants left the gathering energized to connect with each other, and eager to build collaboration across organizations with different approaches to addressing digital equity. This gathering was a first step in the effort to convene a wide range of stakeholders. Similar meetings in the future will solidify action steps and opportunities for collaboration across sectors and communities.

As a city at the forefront of technological advancement, Seattle risks an increasing divide between the hyper-connected and those who lack internet access and digital skills due to systemic barriers. Service providers, government, public school systems, and private companies all have a stake in ensuring that no one is left behind as technology moves full-steam ahead.

When Eliud Kipchoge beat the marathon world record this year in Berlin, my jaw dropped. He ran a marathon in 2:01:39! This beat the previous world record by 78 seconds. So, in about the same time that you sit down to watch a movie and snack on popcorn, someone else can run 26 miles. What makes this even more remarkable is that he was so fast that his pacers could not keep pace with him. Eliud had to run almost half of the race alone due to pacers dropping out.

I look at Eliud and think, here is an unbelievable athlete that stands alone, running against soreness, determined with each step to not only win a race but be the best of all time. As he ran alone, it is easy to remark on how he accomplished this all on his own. How he, alone, without help, achieved greatness no one ever dreamed was achievable.

Not to compare being a cybersecurity professional to being a record breaking athlete but I am going to do just that. In many organizations, it is easy to look at the security team and say, it is up to them to make sure we are secure. As the person responsible for cybersecurity in the City of Seattle, I am often stopped in elevators and hallways with the half-joking question, “So, Andrew, are we secure today?” people ask with a smile. They mean it to be a casual remark, but every time I hear that question it reminds me not only of the honor I have to carry this responsibility, but also of the mindset of others that security is always someone else’s problem. Yet, security is everyone’s problem. They think we can snap our fingers and wipe out hackers. As much as I would like to think that we are as powerful as the all-powerful fictional character Thanos, that just isn’t the case (That was a very nerdy reference to a superhero movie. To the twelve of you reading this that got the reference, you are welcome.)

When Eliud beat the world record, he did not do that that alone. He is part of the NN Running Team. He had his coach, Patrick Sang. He had medical assistants. He had physical therapists. He was part of a running team with some of the top athletes in the world, including Kenenisa Bekele and Geoffrey Kamworor, and many others that, collectively, claimed a staggering 52 victories in the first 12 months of the team’s inception. There were his pacers and there were the staff that operated behind the scenes supporting communications, marketing, finance, and operations. You get the point. While it may appear that one person did it all, it took many supporting the goal to achieve success.

For the City of Seattle, or any other organization for that matter, to achieve success in cybersecurity, it can not be up to a team labeled as security professionals.

This October marks the 15th anniversary of National Cybersecurity Awareness Month. One of the key messages for this year’s cybersecurity awareness campaign is “Tackle it Together.” Cybersecurity is a cross-cutting, cross-sector problem and must be tackled together. We are all connected in this thing we call cyberspace and each of us have a role to play in cybersecurity.

What does this mean for you?

This means reporting suspicious phishing emails to your security team so that they can make sure others are not receiving the same phishing scam.

This means stopping the individual attempting to tailgate behind you without badging in and saying, “Would you mind badging in?”

This means following security policies, even when it would be easier not to follow them.

This means locking your workstation every time you get up from your desk.

This means taking the time to read regulatory compliance requirements if they pertain to your job.

No single security team can accomplish cybersecurity on its own. Like Eliud, we may get the attention when there is success, but we also recognize that success is only because of the many individuals who helped behind the scenes to get us there. To the many, many individuals who help the City stay secure without any expectation of acknowledgement, thank you. We cannot do it alone, and we recognize every day that we stop threats only because of those vigilant, security-minded individuals like yourself that take that extra step to report those threats to us.

As we conclude this three-part series of blogs for cybersecurity awareness month, I want to put a twist on ending with three tips. Rather than leave you with three security tips, I want to leave you with three quick biographies of cybersecurity heroes that have inspired me in my growth as a cybersecurity professional:

Dark Tangent (AKA Jeff Moss) I cannot give a list that does not recognize this Seattle great whose handle is known among hackers around the world. Jeff launched the first Defcon hacker conference in the early 90’s. In 2018, this conference had over 27,000 attendees doing everything from social engineering competitions, hacking medical devices, finding new vulnerabilities in automobiles, cracking safes, and cracking complex cryptographic puzzles. This last Defcon, Emily Skinner, an 11-year-old girl, demonstrated her ability to hack into a voting system to modify election results in under ten minutes. No other conference in the world has done more to encourage cybersecurity research, raise security awareness, and find innovative ways to tackle security threats. And no other conference has done more to bring together misfit rebel computer geeks to a place where it is socially acceptable to go to a party and talk about ROP chains, heap overflows, Z-Wave spoofing, and malware obfuscation packers as if those were cool topics. Jeff Moss had the drive to create a safe place to foster security research, awareness, and honest discussions to find solutions to today’s challenges.

Woz (AKA Steve Wozniak) Many people know Steve Wozniak as the co-founder of Apple (or his Samba performance on Dancing with the Stars). What many do not know is that Woz, at his core, is a hacker. He started out as a “phone phreak”, a term for people who hacked phone networks (I’m sure it was a cool term at the time). In the 1970s he was known as “Berkeley Blue” and would create “blue boxes” that would allow him to hack into phone networks and make free calls. Woz learned how to make these blue boxes from another phreaker, Captain Crunch, aka John Draper. John discovered that the whistle that came in the Cap’n Crunch snack boxes generated a tone at exactly 2,600 Hz, and could be manipulated to generate the exact tone needed to trick pay phones into entering a mode that allowed for free calls. Now, as the CISO for the City of Seattle, I do not condone hacking illegally. Woz himself has said many times that he never once hacked a computer “for real”, but rather was trying to figure out how technology worked, how to find holes in security controls, and how it could be manipulated to do things it was never meant to do. He would read electronics journals for fun, build TV jammers, and trick friends into giving up credentials. But it was never about committing crimes. What Woz taught us all was that we should never take technology at face value. Never trust a vendor’s promises completely. Security research that discovers a bug will only benefit everyone (when following responsible disclosure). He taught us all that the technology we use is built by fallible humans like all of us, and that testing the technology to see if it can act in ways it was never intended to do was not only useful, it was best practice. He pioneered quality assurance, quality control, development operations, penetration testing, and reverse engineering well before his time.

Al-kindi (AKA Abu Yusuf al-Kindi. Al-kindi) was a 9th century Muslim philosopher, mathematician, astronomer, medical doctor, and all-around genius of his time. Al-kindi is known as one of the great fathers of cryptography. What made Al-kindi so influential was not that he created advanced algorithms that are so secure they can not be solved today, but rather that he developed a formal approach to breaking cryptography. He flipped the hiding of messages on its head, and sought ways to reverse engineer cryptographic algorithms, and birthed a new study of cryptoanalysis. He is believed to have authored over two hundred books, and this is before the days of Wikipedia! One of his most famous books is called “On Deciphering Cryptographic Messages”, which was revolutionary at the time in cracking cryptographic messages. Al-kindi used frequency analysis, where he looked at the frequency of common letters and words. If you ever watched the game show Wheel of Fortune, you have seen Al-kindi’s cryptographic frequency analysis in action. Why do contestants often choose the same letters, such as R, S, T, L, N, and E? Because those are the most common letters in English text. On average, the letter E accounts for 12.7% of letters in English text, while J, Q, X, and Z combined add up to less than 1%. Now I’m oversimplifying Al-kindi’s work but think of him as the person who discovered that to win the game show you should pick those letters. Would you believe that Al-Kindi’s frequency analysis helped save Elizabeth I’s life? A codebreaker, using Al-Kindi’s approach, was able to crack a message detailing an assassination attempt on her life. Some have said that Al-Kindi’s work laid the foundation for the cryptoanalysis that cracked the Enigma machine in World War 2, saving thousands of lives in the process. For me, Al-Kindi’s story has taught me that you do not always need to be the one that builds the solution. The one who analyzes, discovers patterns, and breaks the code is equally important. You do not have to be the person who develops the software, architects the network, or builds the next disruptive mobile application that flips market trends. There will always be a need for that person that questions the norm, challenges what is accepted, and pokes holes in security. In doing so, new solutions can be made to further cybersecurity and cryptography, protecting everyone until the next cycle completes.

May we never forget the pioneers before us, and may we aspire to be those thought leaders and influencers that inspire future generations as those before us have inspired us.

Director of Security, Risk, and Compliance Andrew Whitaker leads information assurance, security operations, regulatory compliance, and IT policy across all City departments. His cybersecurity specialties include building lean security programs, integrating security into business processes, intelligence-driven threat modeling, and security awareness and training.

He has over 20 years of experience in both the public and private sector, leading consulting services for defense, federal, and intelligence agencies, all branches of the US military, and over a third of the Fortune 500 companies.

When Connie Brault received an iPad as a hand-me-down from her daughter, she was thrilled! But at the same time, not quite sure what to do with the new and unfamiliar technology.

“I’m absolutely, stunningly lost,” Brault said in a round of introductions at the West Seattle Senior Center’s monthly computer class in early October. The computer room, filled with eager students, came to learn the basics of how to operate a tablet. Emily Lynch and Orlando Lugo are the instructors for the classes as part of a partnership with The Seattle Public Library. In class, they started with the basics like scrolling, clock app functions, and taking photos.

“Most of my photos are of my feet,” Brault told her classmates. “I can never figure out how to make it stop taking photos,” she said with a laugh.

Each student named something they’d like to learn to help shape the curriculum in the 90-minute class. Buying tickets online, using the map function, building and sharing a grocery lists, and how to play a podcast were a few of the requests.

The Burke Dykes Computer Center, named after the long-time volunteer who both developed the idea for the computer lab and secured funding, has a bevy of topics that are covered each month. Computer basics, email basics, and how to use social media are the popular classes that reoccur. More advanced classes like learning smart phones, online self-defense, navigating the news, and even introduction to iMovie are on the roster as well.

“We like to rotate them around and introduce new subjects along with the old standard classes,” said Cherie Schumacher, who runs the program at the Senior Center. “They can also drop in with computer issues or make an appointment to speak with someone about a specific issue.”

The lab is funded in part, through a Technology Matching Fund grant. The City of Seattle commits to awarding the grants each year as part of its focus on improving digital equity in Seattle. The grants provide funds of up to $50,000 each year to projects that work to close the digital divide. In other words, eliminating the gap between demographics that have access to modern information and communications technology. The applicants must match the funds with contributions of volunteer labor, materials, professional services, or cash.

The West Seattle Senior Center has received the grants in 2001, 2009, and most recently in 2017. Initially, they used the grant funding to set up the computer lab. This year’s $13,397 grant funded printers, cables, toner, paper, and other supplies for the computer center. The Center will provide this service free to the public. Although mostly seniors attend, the classes are open to anyone.

For Brault, it was her first class, but she plans on attending more. Now that the class has helped her master the new-to-her tablet, her technology possibilities are wide open.

When I was ten my parents sent me to summer camp. Unfortunately, I was one of those kids who always found myself hanging out with the “wrong crowd”. At summer camp I made a friend named Jacob who taught me how to pickpocket. So, while other kids were learning to weave baskets, we were walking around practicing our wallet-stealing skills. It was a futile effort, as ten-year old kids don’t often carry wallets and, if they do, it was usually to store Garbage Pail Kid trading cards and not money.

Luckily, I grew out of that summer hobby. I often wonder if Jacob is still pickpocketing today. If he was clever though, he would have learned by now that there is a much easier way to steal a wallet. Can you guess the easiest way to steal a wallet? It is by simply asking for it.

The easiest way to steal someone’s money is to scam someone into giving it to you freely. This is why multilevel marketing scams, Ponzi schemes, and fake charities are far more dangerous than a thief trying to pickpocket you. These scams trick people into giving money, often for long periods of time, and in large amounts.

In the same way, the easiest way to hack your password is not by a sophisticated hack. It is not even by guessing. It is much easier than that. It is by tricking you into giving up your password through phishing scams.

A phishing scam is when a hacker spoofs an email to appear legitimate and attempts to trick someone into giving up a username and password. Common approaches include pretending to be someone high-up in your company, IT support staff, an online gift or greeting card, or a shipping company with an important message. All of them will, in one fashion or another, attempt to trick you into clicking on a link that takes you to a website requesting you to enter your username and password. In other words, phishing is throwing out bait and hoping you fall for it. It is like fishing, except with a ‘ph’, because security professionals think changing an ‘f’ to ‘ph’ is cool (yah, I don’t get it either).

Here are three quick tips to protect yourself from phishing attacks:

Do not click on links from people you do not know. Remember that saying your parents taught you, “Don’t take candy from strangers.” Hackers will often hide the real address of a malicious website by disguising it in an email with a link that looks legitimate. I’ll spare you the technical details, but it’s as easy as slipping on your costume for your neighborhood Halloween party. Not hard to disguise, but it masks the real identity. If you are sent this at work, contact your security team. If at home, one quick tip is to hover your mouse cursor over the link and, after a second or two, you should see the real website address appear either next to the link in the email or in the bottom of the browser window (your mileage may vary; this does not work with every email client). If the link looks suspicious in any way, such as a series of random characters, do not click on it.

*As a quick side note, pay special attention to random text messages with links. This is a common technique today, as people are often far more likely to click on a link on their cell phone than their computer. If you receive a text message from someone you do not know, and it contains a link, do not click on it. Delete it. And be sure to high five yourself afterword knowing you were not tricked by the foolish hacker.

Grammar counts. Many of the phishing attack emails use poor grammar, have misspelled words, and even uncommon fonts. Sure, it may be a sign of the hacker using English as a second language, but in the days of spellcheck and grammar check, there is no excuse for poor grammar and spelling in phishing emails. Many email clients will even show you those squiggly red lines underneath words that are not recognized. Are hackers so dumb that they do not know how to write a grammatically correct email? Are they that lazy that they ignore those red squiggly lines letting them know that a word is misspelled, or a sentence is not using proper grammar? I’m going to let you in on a secret: The misspelled words and poor grammar found in many phishing emails are often intentional. The general theory is this: if a person is willing to fall for an obvious fake email, despite numerous clues like poor grammar and spelling, then the person is highly susceptible to not only being scammed but being scammed repeatedly and not reporting it.

Remember this saying, “you are a target.” The majority of hackers are opportunists. It is a numbers game. If they cast a wide enough net, they will catch someone with their phishing scam. In the City of Seattle, over half of all email sent to the City are spam or phishing attempts that are, luckily, blocked before they even enter our network. There are others that are just sneaky enough to get past our protections, and when they do, we have a staff dedicated to detecting, removing, and blocking those emails before they impact City employees. They use similar tactics, requesting employees to click a link and enter credentials to access a file or a message that is “urgent”. They don’t care who falls for it; they are playing the numbers game. Remember, you, and I, are targeted just like everyone else. That does not mean we have to be paranoid, but if you remember that most hackers are looking for targets of opportunity, then you can approach technology in a safe and secure manner. You’ve probably heard of the importance of being ‘street smart’; well, think of this as being ‘digitally smart’.

Director of Security, Risk, and Compliance Andrew Whitaker leads information assurance, security operations, regulatory compliance, and IT policy across all City departments. His cybersecurity specialties include building lean security programs, integrating security into business processes, intelligence-driven threat modeling, and security awareness and training.

He has over 20 years of experience in both the public and private sector, leading consulting services for defense, federal, and intelligence agencies, all branches of the US military, and over a third of the Fortune 500 companies.

Stories of identity theft and data breaches are all too common in our headlines these days. If the cybersecurity headlines of 2018 were put in a book, every page would reveal a depressing fact.

A social media giant has 87 million records breached

An apparel company has 150 million records breached

A marketing firm has 340 million records breached

Cities hacked across the country

State-sponsored hacks against voting systems

You get the idea. By the time you reach half way through the book of headlines, you are ready to put it down. Is there any hope for living in a world where our online identities can be safe?

I enjoy reading suspense novels. A good suspense novel leads the reader to a point of insurmountable odds, only to have the one lucky break that allows the heroine or hero the opportunity to escape the villain, solve the crime, or rise above the disaster. I read suspense novels to remind me that no matter how bombarded we are with news of data breaches, there is always a way to turn the story around.

Yes, data breaches happen. Yes, online technology is always a risk. Of course, we take risks all the time. One the time I decided to eat sushi in a diner in the middle of the Pocono Mountains. Trust me, I won’t do that again any time soon! So yes, bad things happen to all of us. Headlines about data breaches have not stopped people from going online, but it should make us more aware of the dangers and be smart about how we go online.

This October marks the 15th anniversary of National Cybersecurity Awareness Month. Seattle Information Technology joins a collaborative effort between the U.S. Department of Homeland Security and the National Cyber Security Alliance to help raise awareness during this month. Over the next few weeks, we will share a series of short blog articles on how you can take small steps that can make huge impacts in protecting your identity when using technology online.

For this first post, let’s talk about secure passwords. Now, I know that doesn’t sound very exciting, and I wish I was talking about some advanced hacker technique, but the reality is that weak passwords remain the number one way hackers get into accounts. No matter what online service you use, chances are that the website requires you to log in with a username and password. They identify and authenticate your identity.

Here are three tips to secure your passwords:

Use long passwords. I’ll spare you the fancy mathematical algorithms to just say that the longer the password the harder it is to figure out. In fact, in most cases, that matters more than the complexity. For example, take a lottery ticket. How easy would it be for someone to get the winning number if the lottery ticket only had four numbers each ranging from 0-9? Now, many in the security community will debate what the right number of characters should be, and rather than if the password should be eight or thirty characters. I suggest this: Try to improve your cyber presence by increasing the number of characters in your password by four characters this year. Whatever passwords you currently use now, change them and add four more characters. Next year, increase it again. When you get to twenty characters or more, you can stop, because at that point you are just typing the alphabet.

Don’t write down your passwords. If you were to look in your wallet or purse right now, chances are your driver’s license or other identification is there. Whether you are going through TSA at an airport security line, or entering a 21 an over bar, you are asked to validate that you are who you are, and that is done through a form of identification. Your physical ID is not unlike your password. You let others look at it, but you do not give it away. In the same way, secure your passwords. Do not give them away by writing them on notes and sticking them around your computer. There are several secure password management tools to help secure your passwords. I use KeePass. LastPass is another popular one. Both store your passwords in a secure location and require a strong password to unlock and access passwords.

Change your social media and email account passwords frequently. Many websites these days offer you the option of connecting to your Facebook, Google, or other popular online account. Using that integration takes away the challenge of remembering multiple passwords. Yet, if your password is ever compromised, ever site that uses the same authentication through Facebook, Google, or other popular sites, will also be compromised. Often, hackers will hold on to those passwords for a long time, trying to sell them to other people, and you won’t even realize that you have been hacked for months later. Changing your password frequently protects you if your password is compromised, and you do not know it yet. How often should you change your password? Security professionals argue everything from once a month to once every six months. I recommend keeping it simple: change your password every time you change your toothbrush (assuming, of course, you change your toothbrush regularly!). The American Dental Association recommends that you replace your toothbrush approximately every three to four months. If you can remember that, just change your passwords next time you change your toothbrush. Your online identity and your dentist will thank you!

Director of Security, Risk, and Compliance Andrew Whitaker leads information assurance, security operations, regulatory compliance, and IT policy across all City departments. His cybersecurity specialties include building lean security programs, integrating security into business processes, intelligence-driven threat modeling, and security awareness and training.

He has over 20 years of experience in both the public and private sector, leading consulting services for defense, federal, and intelligence agencies, all branches of the US military, and over a third of the Fortune 500 companies.

Before the thousands of feet of wires are laid, before the laptops and PC’s are fired up, and before volunteers greet the thousands of people who will be given free medical and dental care, a small Seattle IT’s team has planned for months to bring reliable technology to Seattle’s KeyArena. The 5th annual Seattle/King County Health Clinic kicks off Thursday, September 20. For Seattle IT’s Stephen Burke, Kevin Tom, Geramy Wong, and Ivan Balbuena, the planning started in January.

Each year, the mission is the same: Create a dependable network of devices and internet connections that will be user-friendly for nurses, doctors, and other volunteers that staff the clinic.

“These are non-technical people,” said former End User Device Support Supervisor Eric Bell who has been part of the technology team in part years. “They don’t have time to troubleshoot through technical issues or to learn new systems. We have to simplify it for them.”

Photo courtesy Auston James

The clinic provides a full range of free dental, vision, and medical care to underserved and vulnerable populations in the region. The line starts forming the night before to be treated at this clinic each year. In 2017, more than 4,000 patients received just over $3.7 million in services. The clinic serves a racially diverse and economically disadvantaged patient population. For Seattle IT staff, who are on location for the entire four-day clinic, it feels like more than just a day’s work.

“It almost makes you want to cry to watch how important it is to these patients to get care,” Balbuena who is the end user device support manager. “For those who do not speak fluent English, being able to talk to someone in their own language is a big deal.”

The clinic provides in person and virtual interpreters. Last year, 51 primary languages were spoken.

The team is taking a new challenge at this year’s clinic. A new program will be used for dental x-ray machines. Seattle IT staff will be ready to support the new technology.

Photo courtesy Auston James

“It’s amazing how it all comes together each year,” said Bell. “Everybody is running around and busy and they all have great attitudes. All the volunteers are just happy to be part of the team that makes the clinic happen.”

Seattle IT provides 45 laptops and 25 PCs to the clinic. The team also builds the extensive internet network, including all the wiring, and connects all other technology devices like printers and medical equipment. Between planning, setup, and staffing, the team spends an estimated 500 hours on the clinic.

In a quiet corner of First Hill’s popular Frye Art Museum sits a beautiful bench that is not just for sitting, it has a story and is the focal point of a unique exhibit. The bench represents the brain child and months of work by an ambitious group of teenagers who set out to improve their design and digital literacy skills. The teens, ten high school students from Seattle’s Central District, signed up for a spring session in Yesler Community Center’s technology learning lab that ended with an exhibit opening at the Frye with their work as the main art piece.

In the Bench Mark exhibit that surrounds the bench there are rudimentary drawings of benches, each with a unique concept. There are also some doll-size mock-ups created from the drawings that show the evolution of the project and the thinking process of the teens. Some drawings incorporated modern touches including cell phone chargers and umbrella holsters. The official assignment was to research, design, and commission the making of a bench. The project gave them an opportunity to work with teaching artists and architects and take field trips to look at design in our urban environment.

“We visited benches and looked at architecture at the University of Washington, in Downtown Seattle, and at several parks in Seattle to get some ideas on design,” said Asfaha Lemlem who runs the program at Yesler Community Center.

Then the teens returned to the computer lab to learn more about the architecture of a bench and find inspiration for their design.

Tam Nguyen, a junior at Seattle Central College’s running start high school program, says the project opened his mind to what technology can be used for.

“The funnest part was putting together the 3D models of the benches,” said Nguyen. “I learned about the dimensions and design part of architecture.”

Practicality won out in the end with the final piece featuring a modern look referred to in the exhibit as urban simplicity. Nguyen offered some advice for anyone wanting to learn the technology behind design.

“Go crazy with ideas and push yourself when you brainstorm,” Nguyen said.

Many of the students have taken multiple digital skill-building workshops at the Yesler tech education lab, which has developed strong education and community engagement partnerships with the Frye, Seattle University, and others. Yesler is one of five “Rec Tech” digital equity and opportunity centers operated by the Associated Recreation Council in Seattle Parks and Recreation facilities. Seattle IT has been a major funder of the programs through our Community Technology Program digital equity grants. The mission of Rec Tech is to facilitate effective technology-driven programs providing education, recreation, and community development services for children, families, and neighborhoods.

Participants in this program are happy with their final project and proud of their new skills and contribution to the community. When the bench leaves the exhibit, it will be installed outdoors near the Yesler Community Center.

In July, Seattle IT’s Digital Services Usability and Design team partnered with Civic User Testing (CUT) to facilitate usability testing on the Seattle.gov web site. (Learn about the CUT group and volunteer with them at http://openseattle.org/cutgroup/#about).

The intended goal of the project was to understand if people were able to successfully navigate to popular City services on their mobile devices. The project team was hoping to create a list of design updates for its development team to implement, for example, changing navigation labels or interactions like tapping from the top navigation to page navigation.

PICTURED: SHELLY SMITH FROM THE USABILITY & DESIGN PROGRAM WITH CUT GROUP MEMBERS ROBERT RACADIO AND MEGAN BRUCE

Participants

Project leads chose to partner with the Seattle Housing Authority to include low-income Seattle residents. With guidance from Community Builder, Andy Chan, it was decided to facilitate a usability test on site at a subsidized housing building on First Hill to make participation easier.

Overall, 10 people participated, which was the target. Generally, usability testing is aimed at collecting qualitative insights to drive design, not numbers. Typically, it takes about five people to find most usability issues. (https://www.nngroup.com/articles/how-many-test-users/)

Participants used their own mobile phones to navigate to Seattle.gov and complete some common tasks like paying a parking ticket, finding community classes, and reporting garbage.

What they learned

While the team did learn a few things to improve the site navigation and terminology, they also learned about their own digital biases. There are many digital conventions that they take for granted that are still not ubiquitous to some user groups.

The group of people they interviewed had a different digital vocabulary. Some participants did not regularly use the words “web page” or “browser” so the language was quickly changed to be more generic.

Mobile “hamburger” menus are debated widely in the design community. The test confirmed this group of users were not familiar with it. They mostly used the apps on their phones that were installed by the manufacturers or heard about from friends or family from word of mouth.

The CUT group were the main organizers and they compensated participants with Visa gift cards. The paradigm of activating the gift cards were also not well understood.

Many participants did not know how to pinch and zoom.

Based on the City’s 2014 Community Technology report, low-income users are twice as likely as other groups to have smartphone-only internet access. However, some participants had free phones provided by government services that they were hesitant to use based on bandwidth and limited data plans. While Seattle is a tech hub and many residents expect to complete many services online, there are residents that still need basic digital education and access.

PICTURED: FREE PHONE PROVIDED THROUGH ASSURANCE WIRELESS

Next Steps

The team will use what they learned about navigation and terminology to update the web site. They will be iterating with the Digital Services development team soon on a mobile-first navigation that is simpler and more obvious to use.

The team will also continue to learn firsthand about the needs of residents to improve the web sites and apps and usability test with them to understand if digital properties can be improved.

Volunteers needed to test upcoming projects!

Sign up to give feedback on upcoming iterations. The team is looking for a diverse mix of people across the city to test digital experiences or participate in design research. Typically, participation is about an hour of your time.